Enterprises, such as corporations and other organizations, typically define policies for purposes of enterprise management. Enterprise management refers to the identification and management of users and network-based resources, such as computers. Typically, policies designate access to or configuration of resources. The enterprise policies define boundaries or scope of access permissions.
Enterprise policies are typically a combination of “business/security policies” and “systems policies”. Business/security policies (also called “published policies”) define general guidelines for access to network-based resources, including secure access, and restrictions on use. Published policies can be presented to business staff and visitors by means of electronically published media, such as Hyper Text Markup Language (HTML) or other text-based media. Systems policies present the mechanism for implementing the published policies into enforceable computer and user configurations. Available platforms provide architectures to implement systems policies. For example, WINDOWS ACTIVE DIRECTORY from MICROSOFT CORPORATION implements system policies using Group Policy Objects (GPOs).
Using conventional approaches, system policies can be conveniently configured in one-to-all, one-to-many, and one-to-specific arrangements with respect to users and electronic resources. In such approaches, corporate data portals (such as a network data share) host and present the various published policies of the enterprise. These portals also present approved exceptions to published policies, which are issued under certain situations to a limited number of staff or resources. In a distributed enterprise, each domain, or group of users and resources, typically has its own instance of the systems policies, which the domain uses to enforce the guidelines derived from published policies.
Unfortunately, securing and otherwise managing access to the network-based resources involves making and managing an increasing number of systems policies. As the number of systems policies increases, and the number of exceptions to published policies increases, it becomes difficult to immediately determine the associations of each published policy and policy exception to all systems policies. No automated systems exist to associate published policies to multiple instances of systems policies, to include publish policy exceptions into the associations, and to automate management of changes between published policies and systems policies and the distributed enterprise.